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POST /bookingform-jsp HTTP/1 .1 

Accept: image/gif, image/x-xbitmap, image/jpeg, image/pjpeg, application/ 
vnd.ms-excel, applicatipn/msword, application/vnd.ms-powerpoint, *\* 
Accept-Language: en-us 

ontent-Type: multipart/form-data; boundary = 

7d23403440456 
Accept-Encoding: gzip, deflate 

User-Agent: Mozilla/4.0 (compatible; MSIE 5.5; Windows NT 5.0; 

T3 12461) 

Host: scan.airline.ca 

Content-Length: 1 50 

Connection: Keep-Alive 

Cache-Control: no-cache 28' 

: . 7d2340344Q456<^ 30" 



Content-Disposition: form-data; name » "phone* 
{416)841-7712 ^28" 

7d23403440456 



Content-Disposition: form-data; name » "passengers" 
2 

7d2340344a456 

Content-Disposition: form-data; name = "comment" 
vegetarian meal only 
7d23403440456- 

FIG. IC 
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POST /StockQuote HTTP/1.1 
Host: www.stockquoteserver.com 
Content-Type: text/xml; charset="utf-8 




18a'" Content-Length: nnnn 
SOAPAction: "Some-URI" 




22 



<SOAP-ENV:Envelope if 
xmlns:SOAP*EI\IV« "http://schemas.xmlsoap.org/soap/envelope/'' 
SOAP-ENV:encodingSty!e = "http://schemas.xmlsoap.org/soap/ 
encoding/"/ > 

<SOAP-ENV:Header> 
<t:Transaction xmlns:t="some-URI" SOAP- 
ENV:mustUnderstand-"1" > 



</t:Transaction> 
</SOAP-ENV:Header> 
<SOAP-EI\lV:Body> 

< m:GetLastTradePriceDetailed xmlns:m= "Some-URI" > 
< Symbol > DEF < /Symbol > 

^< Company > DEF Corp < /Company > 
25"' < Price > 34. 1< /Price > 

< /m:GetLastTradePriceDetaiied > 



</SOAP-ENV:Body> 
</SOAP-ENV:Enve!ope> 



FIG. ID 
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5/6 ^50 

Trigger: All request for URLs containing the characters "form" 
Conditions: 

-The method must be POST 54 56 

r- ^ St * \ 

jTherejTTust exist b etween 1 and 100 POST fields 53 
-No more than 5% of the POST fields may have blank (empty) values 
-There must exist exactly one field named Comments 
-The value of the Comments field must be between 20 and 2000 
characters in length 

-The statistical distribution of characters in the Comments field must 
not differ from that of standard English by more than the threshold X 
Trigger: All request for URLs ending in the characters ".jsp" 
Conditions: 56 
-There must exist exactly one cookie named SessionID 
-There may not exist any cookies not named SessionID 
-The value of the SessionID cookie must be between 1 2 and 14 
characters in length and must be composed exclusively of the numerals 
0 through 9 and the uppercase letters A through F 
-The method must be HEAD or GET 

Trigger: All request for URLs beginning with the characters "/images" 
OR ending with the characters ".gif" or ".jpg" - 
Conditions: 

-The method must be HEAD or GET 
-There must not be any GET parameters 

-There must not be any cookies FIG. 2 

-There must be no more than ten headers 

-The URI must not exceed 200 characters in length 
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